[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Thu, 28 Jun 2018 16:47:23 -0700 

The branch OpenSSL_1_1_0-stable has been updated
       via  e21602857e79becb64eb8cba3673830bd7a304e3 (commit)
      from  2f1ad5c81bd1856061cfe1c2d36b0af85f05ddf7 (commit)


- Log -----------------------------------------------------------------
commit e21602857e79becb64eb8cba3673830bd7a304e3
Author: Rich Salz <[email protected]>
Date:   Thu Jun 28 18:13:54 2018 -0400

    Zero-fill IV by default.
    
    Fixes uninitialized memory read reported by Nick Mathewson
    
    Reviewed-by: Tim Hudson <[email protected]>
    (Merged from https://github.com/openssl/openssl/pull/6603)
    (cherry picked from commit 10c3c1c1ec41ce16e51b92bb18fab92d1a42b49c)

-----------------------------------------------------------------------

Summary of changes:
 crypto/pem/pem_lib.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 33c03ee..735cd54 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -466,6 +466,7 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO 
*cipher)
     char *dekinfostart, c;
 
     cipher->cipher = NULL;
+    memset(cipher->iv, 0, sizeof(cipher->iv));
     if ((header == NULL) || (*header == '\0') || (*header == '\n'))
         return 1;
 
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

Reply via email to